Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirection


  • This topic is locked This topic is locked
15 replies to this topic

#1 Shehub

Shehub

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 21 December 2011 - 06:19 PM

My computer would redirect google searches elsewhere. I know the site isn't supposed to look like that.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Run by Owner at 16:47:09 on 2011-12-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.245 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.ask.com?o=15179&l=dis
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McBrwHelper Class: {227b8aa8-daf2-4892-bd1d-73f568bcb24e} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: McAfee Privacy Service Popup Blocker: {3ec8255f-e043-4cae-8b3b-b191550c2a22} - c:\program files\mcafee.com\mps\popupkiller.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Epson Stylus NX420(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_SA6.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_S18.tmp" /EF "HKCU"
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [Facebook Update] "c:\documents and settings\owner\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MPSExe] c:\progra~1\mcafee.com\mps\mscifapp.exe /embedding
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\epsona~1.lnk - e:\common\epsonreg\EpsonReg.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\mclsp.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177643532457
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{11678E31-4707-4E43-93FA-5F93C69C27C1} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\jmd6i6di.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\owner\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-8-2 80640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [2006-8-2 18816]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [2006-8-2 9600]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2005-6-21 69692]
.
=============== Created Last 30 ================
.
2011-12-21 02:12:32 329216 ----a-w- c:\documents and settings\owner\local settings\application data\pbs.exe
2011-12-19 22:03:34 -------- d-----w- c:\documents and settings\owner\application data\Media Finder
2011-12-19 04:59:27 -------- d-----w- c:\documents and settings\owner\application data\AVG Secure Search
2011-12-14 19:41:08 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2011-12-14 19:40:56 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-14 19:40:52 -------- d-----w- c:\program files\AVG Secure Search
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 16:53:17.95 ===============

Attached Files


Edited by Shehub, 21 December 2011 - 08:19 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:41 PM

Posted 25 December 2011 - 01:02 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Shehub

Shehub
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 25 December 2011 - 10:02 PM

I followed the instructions. And when I am guessing Combofix ran all I got was a blue screen with a period flashing, nothing going on. And i couldn't do anything else, not end it or anything so I just shut off the computer and now that's where I am now.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:41 PM

Posted 25 December 2011 - 10:13 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Shehub

Shehub
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 25 December 2011 - 11:24 PM

22:22:18.0953 4304 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:22:20.0953 4304 ============================================================
22:22:20.0953 4304 Current date / time: 2011/12/25 22:22:20.0953
22:22:20.0953 4304 SystemInfo:
22:22:20.0953 4304
22:22:20.0953 4304 OS Version: 5.1.2600 ServicePack: 3.0
22:22:20.0953 4304 Product type: Workstation
22:22:20.0953 4304 ComputerName: TWINS
22:22:20.0984 4304 UserName: Owner
22:22:20.0984 4304 Windows directory: C:\WINDOWS
22:22:20.0984 4304 System windows directory: C:\WINDOWS
22:22:20.0984 4304 Processor architecture: Intel x86
22:22:20.0984 4304 Number of processors: 2
22:22:20.0984 4304 Page size: 0x1000
22:22:20.0984 4304 Boot type: Normal boot
22:22:20.0984 4304 ============================================================
22:22:28.0234 4304 Initialize success
22:22:34.0109 6076 ============================================================
22:22:34.0109 6076 Scan started
22:22:34.0109 6076 Mode: Manual;
22:22:34.0109 6076 ============================================================
22:22:38.0234 6076 Abiosdsk - ok
22:22:38.0296 6076 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:22:38.0296 6076 abp480n5 - ok
22:22:38.0375 6076 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:22:38.0375 6076 ACPI - ok
22:22:38.0390 6076 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:22:38.0390 6076 ACPIEC - ok
22:22:38.0468 6076 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:22:38.0468 6076 adpu160m - ok
22:22:38.0531 6076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:22:38.0546 6076 aec - ok
22:22:38.0593 6076 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:22:39.0625 6076 AFD - ok
22:22:40.0062 6076 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:22:40.0062 6076 agp440 - ok
22:22:40.0156 6076 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:22:40.0156 6076 agpCPQ - ok
22:22:40.0312 6076 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:22:40.0312 6076 Aha154x - ok
22:22:40.0390 6076 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:22:40.0390 6076 aic78u2 - ok
22:22:40.0421 6076 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:22:40.0421 6076 aic78xx - ok
22:22:40.0546 6076 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:22:40.0546 6076 AliIde - ok
22:22:40.0609 6076 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:22:40.0609 6076 alim1541 - ok
22:22:40.0656 6076 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:22:40.0656 6076 amdagp - ok
22:22:40.0718 6076 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:22:40.0718 6076 amsint - ok
22:22:40.0843 6076 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:22:41.0640 6076 Arp1394 - ok
22:22:41.0968 6076 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:22:41.0984 6076 asc - ok
22:22:42.0031 6076 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:22:42.0031 6076 asc3350p - ok
22:22:42.0046 6076 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:22:42.0046 6076 asc3550 - ok
22:22:42.0109 6076 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
22:22:42.0140 6076 ASCTRM - ok
22:22:42.0187 6076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:22:43.0171 6076 AsyncMac - ok
22:22:43.0406 6076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:22:43.0437 6076 atapi - ok
22:22:43.0453 6076 Atdisk - ok
22:22:43.0500 6076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:22:44.0031 6076 Atmarpc - ok
22:22:44.0296 6076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:22:44.0593 6076 audstub - ok
22:22:44.0953 6076 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:22:44.0953 6076 AVGIDSDriver - ok
22:22:45.0078 6076 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:22:45.0078 6076 AVGIDSEH - ok
22:22:45.0140 6076 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:22:45.0140 6076 AVGIDSFilter - ok
22:22:45.0187 6076 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:22:45.0187 6076 AVGIDSShim - ok
22:22:45.0265 6076 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:22:46.0109 6076 Avgldx86 - ok
22:22:46.0359 6076 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:22:46.0375 6076 Avgmfx86 - ok
22:22:46.0453 6076 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:22:46.0484 6076 Avgrkx86 - ok
22:22:46.0531 6076 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:22:46.0718 6076 Avgtdix - ok
22:22:47.0031 6076 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\drivers\BCM42RLY.SYS
22:22:47.0484 6076 BCM42RLY - ok
22:22:47.0734 6076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:22:48.0218 6076 Beep - ok
22:22:48.0531 6076 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:22:48.0562 6076 cbidf - ok
22:22:48.0609 6076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:22:48.0609 6076 cbidf2k - ok
22:22:48.0718 6076 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:22:49.0515 6076 CCDECODE - ok
22:22:49.0953 6076 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:22:49.0968 6076 cd20xrnt - ok
22:22:50.0046 6076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:22:50.0406 6076 Cdaudio - ok
22:22:50.0765 6076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:22:50.0765 6076 Cdfs - ok
22:22:50.0828 6076 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
22:22:50.0984 6076 Cdr4_xp - ok
22:22:51.0000 6076 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
22:22:51.0015 6076 Cdralw2k - ok
22:22:51.0046 6076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:22:51.0062 6076 Cdrom - ok
22:22:51.0078 6076 Changer - ok
22:22:51.0109 6076 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:22:51.0421 6076 CmBatt - ok
22:22:51.0765 6076 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:22:51.0765 6076 CmdIde - ok
22:22:51.0843 6076 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:22:51.0843 6076 Compbatt - ok
22:22:51.0937 6076 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:22:51.0937 6076 Cpqarray - ok
22:22:52.0078 6076 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
22:22:52.0515 6076 cpudrv - ok
22:22:52.0812 6076 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:22:52.0812 6076 dac2w2k - ok
22:22:52.0859 6076 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:22:52.0859 6076 dac960nt - ok
22:22:52.0937 6076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:22:52.0937 6076 Disk - ok
22:22:53.0078 6076 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:22:53.0562 6076 dmboot - ok
22:22:53.0890 6076 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:22:54.0515 6076 dmio - ok
22:22:54.0890 6076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:22:55.0296 6076 dmload - ok
22:22:55.0656 6076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:22:55.0671 6076 DMusic - ok
22:22:55.0734 6076 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:22:55.0750 6076 dpti2o - ok
22:22:55.0796 6076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:22:55.0796 6076 drmkaud - ok
22:22:56.0093 6076 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:22:56.0390 6076 e1express - ok
22:22:56.0671 6076 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys
22:22:57.0078 6076 el575nd5 - ok
22:22:57.0312 6076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:22:57.0312 6076 Fastfat - ok
22:22:57.0343 6076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:22:57.0531 6076 Fdc - ok
22:22:57.0578 6076 FinePnt (560b5dd7406bbd1e2bfd5f6d5872aad5) C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys
22:22:58.0203 6076 FinePnt - ok
22:22:58.0468 6076 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:22:58.0703 6076 Fips - ok
22:22:59.0171 6076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:22:59.0687 6076 Flpydisk - ok
22:23:00.0078 6076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:23:00.0078 6076 FltMgr - ok
22:23:00.0156 6076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:23:00.0531 6076 Fs_Rec - ok
22:23:00.0921 6076 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:23:00.0921 6076 Ftdisk - ok
22:23:01.0062 6076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:23:01.0484 6076 GEARAspiWDM - ok
22:23:01.0703 6076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:23:02.0328 6076 Gpc - ok
22:23:02.0687 6076 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:23:02.0687 6076 HDAudBus - ok
22:23:02.0812 6076 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:23:02.0828 6076 hpn - ok
22:23:03.0000 6076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:23:03.0046 6076 HTTP - ok
22:23:03.0140 6076 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:23:03.0281 6076 i2omgmt - ok
22:23:03.0390 6076 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:23:03.0390 6076 i2omp - ok
22:23:03.0453 6076 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:23:03.0765 6076 i8042prt - ok
22:23:04.0750 6076 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:23:06.0640 6076 ialm - ok
22:23:07.0375 6076 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
22:23:07.0390 6076 iaStor - ok
22:23:07.0546 6076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:23:07.0546 6076 Imapi - ok
22:23:07.0703 6076 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:23:07.0718 6076 ini910u - ok
22:23:07.0812 6076 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:23:07.0812 6076 IntelIde - ok
22:23:07.0968 6076 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:23:07.0968 6076 intelppm - ok
22:23:08.0031 6076 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:23:08.0515 6076 Ip6Fw - ok
22:23:08.0734 6076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:23:08.0750 6076 IpFilterDriver - ok
22:23:08.0859 6076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:23:09.0218 6076 IpInIp - ok
22:23:09.0562 6076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:23:09.0562 6076 IpNat - ok
22:23:09.0625 6076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:23:09.0890 6076 IPSec - ok
22:23:10.0171 6076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:23:10.0328 6076 IRENUM - ok
22:23:10.0375 6076 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:23:10.0375 6076 isapnp - ok
22:23:10.0453 6076 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:23:10.0578 6076 Kbdclass - ok
22:23:10.0937 6076 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:23:11.0187 6076 kbdhid - ok
22:23:11.0546 6076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:23:11.0546 6076 kmixer - ok
22:23:11.0609 6076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:23:11.0609 6076 KSecDD - ok
22:23:11.0640 6076 lbrtfdc - ok
22:23:11.0796 6076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:23:12.0234 6076 mnmdd - ok
22:23:12.0515 6076 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:23:12.0531 6076 Modem - ok
22:23:12.0546 6076 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:23:12.0703 6076 Mouclass - ok
22:23:12.0906 6076 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:23:13.0265 6076 mouhid - ok
22:23:13.0562 6076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:23:13.0562 6076 MountMgr - ok
22:23:13.0640 6076 MPFIREWL (537b049dbaba4febcdaae711c0f2805b) C:\WINDOWS\system32\Drivers\MpFirewall.sys
22:23:14.0250 6076 MPFIREWL - ok
22:23:14.0593 6076 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:23:14.0593 6076 mraid35x - ok
22:23:14.0703 6076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:23:14.0718 6076 MRxDAV - ok
22:23:14.0875 6076 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:23:15.0015 6076 MRxSmb - ok
22:23:15.0031 6076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:23:15.0031 6076 Msfs - ok
22:23:15.0078 6076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:23:15.0187 6076 MSKSSRV - ok
22:23:15.0406 6076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:23:15.0562 6076 MSPCLOCK - ok
22:23:15.0593 6076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:23:15.0750 6076 MSPQM - ok
22:23:16.0000 6076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:23:16.0000 6076 mssmbios - ok
22:23:16.0062 6076 MSTabBtn (8c15f3eefbfa8cf345f5e420558dd24c) C:\WINDOWS\system32\DRIVERS\MSTabBtn.sys
22:23:16.0109 6076 MSTabBtn - ok
22:23:16.0187 6076 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:23:16.0296 6076 MSTEE - ok
22:23:16.0359 6076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:23:16.0359 6076 Mup - ok
22:23:16.0609 6076 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:23:17.0000 6076 NABTSFEC - ok
22:23:17.0296 6076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:23:17.0312 6076 NDIS - ok
22:23:17.0343 6076 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:23:17.0593 6076 NdisIP - ok
22:23:17.0906 6076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:23:18.0234 6076 NdisTapi - ok
22:23:18.0500 6076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:23:18.0500 6076 Ndisuio - ok
22:23:18.0562 6076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:23:18.0890 6076 NdisWan - ok
22:23:19.0125 6076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:23:19.0234 6076 NDProxy - ok
22:23:19.0281 6076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:23:19.0281 6076 NetBIOS - ok
22:23:19.0312 6076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:23:19.0671 6076 NetBT - ok
22:23:20.0312 6076 NETw4x32 (9eb7001200bc53dad5bc531f0e58970e) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
22:23:20.0671 6076 NETw4x32 - ok
22:23:21.0437 6076 NETwLx32 (cbd6918929b5edacff9c782536019bbb) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
22:23:22.0203 6076 NETwLx32 - ok
22:23:22.0515 6076 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:23:22.0515 6076 NIC1394 - ok
22:23:22.0546 6076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:23:22.0546 6076 Npfs - ok
22:23:22.0609 6076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:23:22.0625 6076 Ntfs - ok
22:23:22.0703 6076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:23:22.0843 6076 Null - ok
22:23:22.0875 6076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:23:23.0312 6076 NwlnkFlt - ok
22:23:23.0625 6076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:23:23.0812 6076 NwlnkFwd - ok
22:23:23.0890 6076 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:23:23.0890 6076 ohci1394 - ok
22:23:24.0031 6076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:23:24.0031 6076 Parport - ok
22:23:24.0062 6076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:23:24.0062 6076 PartMgr - ok
22:23:24.0093 6076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:23:24.0218 6076 ParVdm - ok
22:23:24.0312 6076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:23:24.0312 6076 PCI - ok
22:23:24.0328 6076 PCIDump - ok
22:23:24.0390 6076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:23:24.0390 6076 PCIIde - ok
22:23:24.0468 6076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:23:24.0468 6076 Pcmcia - ok
22:23:24.0484 6076 PDCOMP - ok
22:23:24.0500 6076 PDFRAME - ok
22:23:24.0515 6076 PDRELI - ok
22:23:24.0531 6076 PDRFRAME - ok
22:23:24.0593 6076 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:23:24.0609 6076 perc2 - ok
22:23:24.0765 6076 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:23:24.0765 6076 perc2hib - ok
22:23:24.0859 6076 PhilCam8116 (8754763a924639b9d07d4c8ea9990f1e) C:\WINDOWS\system32\DRIVERS\CamDrO21.sys
22:23:25.0093 6076 PhilCam8116 - ok
22:23:25.0203 6076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:23:25.0296 6076 PptpMiniport - ok
22:23:25.0593 6076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:23:25.0781 6076 PSched - ok
22:23:26.0031 6076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:23:26.0250 6076 Ptilink - ok
22:23:26.0578 6076 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:23:26.0593 6076 PxHelp20 - ok
22:23:26.0656 6076 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:23:26.0656 6076 ql1080 - ok
22:23:26.0671 6076 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:23:26.0687 6076 Ql10wnt - ok
22:23:26.0765 6076 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:23:26.0765 6076 ql12160 - ok
22:23:26.0906 6076 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:23:26.0906 6076 ql1240 - ok
22:23:26.0921 6076 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:23:26.0921 6076 ql1280 - ok
22:23:26.0937 6076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:23:27.0125 6076 RasAcd - ok
22:23:27.0312 6076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:23:27.0546 6076 Rasl2tp - ok
22:23:27.0625 6076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:23:27.0968 6076 RasPppoe - ok
22:23:28.0343 6076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:23:28.0890 6076 Raspti - ok
22:23:29.0406 6076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:23:29.0468 6076 Rdbss - ok
22:23:29.0593 6076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:23:29.0765 6076 RDPCDD - ok
22:23:30.0062 6076 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:23:30.0218 6076 rdpdr - ok
22:23:30.0343 6076 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:23:30.0500 6076 RDPWD - ok
22:23:30.0703 6076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:23:30.0703 6076 redbook - ok
22:23:30.0828 6076 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:23:30.0828 6076 s24trans - ok
22:23:30.0906 6076 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:23:31.0046 6076 sdbus - ok
22:23:31.0140 6076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:23:31.0187 6076 Secdrv - ok
22:23:31.0234 6076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:23:31.0375 6076 serenum - ok
22:23:31.0609 6076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:23:31.0703 6076 Serial - ok
22:23:31.0890 6076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:23:32.0203 6076 Sfloppy - ok
22:23:32.0359 6076 Simbad - ok
22:23:32.0453 6076 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:23:32.0468 6076 sisagp - ok
22:23:32.0562 6076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:23:32.0906 6076 SLIP - ok
22:23:33.0359 6076 smserial (78da3038965de2b3834303dfb0578326) C:\WINDOWS\system32\DRIVERS\smserial.sys
22:23:33.0625 6076 smserial - ok
22:23:34.0000 6076 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:23:34.0125 6076 SONYPVU1 - ok
22:23:34.0203 6076 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:23:34.0203 6076 Sparrow - ok
22:23:34.0281 6076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:23:34.0296 6076 splitter - ok
22:23:34.0562 6076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:23:34.0578 6076 sr - ok
22:23:34.0656 6076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:23:34.0671 6076 Srv - ok
22:23:35.0015 6076 STHDA (3b24ada55d3bdfdc0e6679d15fa668d8) C:\WINDOWS\system32\drivers\sthda.sys
22:23:35.0156 6076 STHDA - ok
22:23:35.0468 6076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:23:35.0656 6076 streamip - ok
22:23:35.0687 6076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:23:35.0875 6076 swenum - ok
22:23:36.0093 6076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:23:36.0093 6076 swmidi - ok
22:23:36.0187 6076 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:23:36.0218 6076 symc810 - ok
22:23:36.0265 6076 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:23:36.0265 6076 symc8xx - ok
22:23:36.0328 6076 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:23:36.0343 6076 sym_hi - ok
22:23:36.0359 6076 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:23:36.0359 6076 sym_u3 - ok
22:23:36.0437 6076 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:23:36.0640 6076 SynTP - ok
22:23:37.0000 6076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:23:37.0000 6076 sysaudio - ok
22:23:37.0125 6076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:23:37.0296 6076 Tcpip - ok
22:23:37.0562 6076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:23:37.0781 6076 TDPIPE - ok
22:23:38.0265 6076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:23:38.0421 6076 TDTCP - ok
22:23:38.0703 6076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:23:39.0296 6076 TermDD - ok
22:23:39.0609 6076 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
22:23:39.0968 6076 tifm21 - ok
22:23:40.0312 6076 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:23:40.0312 6076 TosIde - ok
22:23:40.0390 6076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:23:40.0625 6076 Udfs - ok
22:23:40.0718 6076 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:23:40.0734 6076 ultra - ok
22:23:41.0046 6076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:23:41.0109 6076 Update - ok
22:23:41.0156 6076 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:23:41.0625 6076 USBAAPL - ok
22:23:42.0031 6076 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:23:42.0421 6076 usbaudio - ok
22:23:43.0062 6076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:23:43.0578 6076 usbccgp - ok
22:23:44.0031 6076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:23:44.0140 6076 usbehci - ok
22:23:44.0234 6076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:23:44.0343 6076 usbhub - ok
22:23:44.0593 6076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:23:44.0921 6076 usbprint - ok
22:23:45.0296 6076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:23:45.0734 6076 usbscan - ok
22:23:45.0765 6076 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:23:46.0187 6076 usbstor - ok
22:23:46.0406 6076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:23:46.0578 6076 usbuhci - ok
22:23:46.0640 6076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:23:46.0875 6076 VgaSave - ok
22:23:47.0203 6076 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:23:47.0203 6076 viaagp - ok
22:23:47.0265 6076 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:23:47.0265 6076 ViaIde - ok
22:23:47.0281 6076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:23:47.0296 6076 VolSnap - ok
22:23:47.0406 6076 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
22:23:47.0640 6076 w39n51 - ok
22:23:48.0015 6076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:23:48.0484 6076 Wanarp - ok
22:23:48.0796 6076 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:23:48.0890 6076 wanatw - ok
22:23:48.0906 6076 WDICA - ok
22:23:48.0953 6076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:23:48.0968 6076 wdmaud - ok
22:23:49.0078 6076 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:23:49.0203 6076 WS2IFSL - ok
22:23:49.0453 6076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:23:49.0562 6076 WSTCODEC - ok
22:23:49.0609 6076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:23:49.0640 6076 WudfPf - ok
22:23:49.0687 6076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:23:49.0859 6076 WudfRd - ok
22:23:49.0968 6076 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
22:23:50.0015 6076 \Device\Harddisk0\DR0 - ok
22:23:50.0031 6076 Boot (0x1200) (678f6c8cd600c6e4fe838ec8f49e6a4c) \Device\Harddisk0\DR0\Partition0
22:23:50.0031 6076 \Device\Harddisk0\DR0\Partition0 - ok
22:23:50.0046 6076 Boot (0x1200) (f7c07470ae3062d84f2adc57132b2347) \Device\Harddisk0\DR0\Partition1
22:23:50.0046 6076 \Device\Harddisk0\DR0\Partition1 - ok
22:23:50.0046 6076 ============================================================
22:23:50.0046 6076 Scan finished
22:23:50.0046 6076 ============================================================
22:23:50.0062 5580 Detected object count: 0
22:23:50.0062 5580 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:41 PM

Posted 25 December 2011 - 11:33 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Shehub

Shehub
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 27 December 2011 - 12:07 AM

I did what you said, and my computer went to blue screen and crashed then restarted on its own. So the program didn't work I am assuming

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:41 PM

Posted 27 December 2011 - 12:23 AM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Shehub

Shehub
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 28 December 2011 - 05:21 PM

There weren't any infections.


aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 15:50:58
-----------------------------
15:50:58.218 OS Version: Windows 5.1.2600 Service Pack 3
15:50:58.218 Number of processors: 2 586 0xE08
15:50:58.218 ComputerName: TWINS UserName: Owner
15:51:00.234 Initialize success
15:53:53.296 AVAST engine defs: 11122801
15:54:00.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:54:00.562 Disk 0 Vendor: HTS54101 MBZO Size: 95396MB BusType: 3
15:54:00.578 Disk 0 MBR read successfully
15:54:00.593 Disk 0 MBR scan
15:54:00.703 Disk 0 unknown MBR code
15:54:00.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 88381 MB offset 14346045
15:54:00.750 Disk 0 Partition 2 00 0B FAT32 RECOVERY 7004 MB offset 63
15:54:00.750 Disk 0 scanning sectors +195350400
15:54:00.843 Disk 0 scanning C:\WINDOWS\system32\drivers
15:54:34.953 Service scanning
15:54:36.328 Modules scanning
15:54:46.640 Disk 0 trace - called modules:
15:54:46.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IASTOR.SYS
15:54:46.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dabab8]
15:54:46.718 3 CLASSPNP.SYS[f76defd7] -> nt!IofCallDriver -> \Device\000000ad[0x86d30898]
15:54:46.734 5 ACPI.sys[f74d5620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8680a030]
15:54:49.875 AVAST engine scan C:\WINDOWS
15:55:09.062 AVAST engine scan C:\WINDOWS\system32
15:58:30.203 AVAST engine scan C:\WINDOWS\system32\drivers
15:58:50.531 AVAST engine scan C:\Documents and Settings\Owner
16:16:22.968 AVAST engine scan C:\Documents and Settings\All Users
16:19:28.437 Scan finished successfully
16:19:59.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:19:59.781 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBRlog.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:41 PM

Posted 28 December 2011 - 09:00 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:41 PM

Posted 01 January 2012 - 09:49 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Shehub

Shehub
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 02 January 2012 - 07:54 PM

I have been away, I am starting it now

#13 Shehub

Shehub
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 02 January 2012 - 08:16 PM

I didn't have connection to get windows recovery console, my combo fix was outdated and I manually rebooted it. Combo fix didn't do anything

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:41 PM

Posted 03 January 2012 - 12:51 PM

did combofix make a report?

what is still wrong with the computer at this time



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:41 PM

Posted 05 January 2012 - 11:42 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users